
New phishing attacks abusing OAuth authorization flows

jhwong
Moderator

We just published the first three parts of a multi-blog series on new phishing attacks that can exploit OAuth 2.0 authorization flows:

https://www.netskope.com/blog/new-phishing-attacks-exploiting-oauth-authorization-flows-part-1

https://www.netskope.com/blog/new-phishing-attacks-exploiting-oauth-authentication-flows-part-2

https://www.netskope.com/blog/new-phishing-attacks-exploiting-oauth-authentication-flows-part-3

We believe there will be an increasing trend in phishing and other attacks that abuse the OAuth protocol itself in order to gain advantages such as obtaining OAuth session tokens, which bypass MFA and are practically permanent, as well as taking advantage of quirks such as being able to spoof other applications easily.

This is based upon a Def Con 29 presentation given on August 7, 2021. Currently, there is more exposure for Microsoft O365/Azure users due to their implementation of the device authorization grant flow. However, much of the material applies to any use of OAuth within your organization.

Please let us know if you have questions or would like to discuss this in more detail.
